Title: OOSOFT 2FA Security
Author: oosoft
Published: <strong>2026 年 4 月 28 日</strong>
Last modified: 2026 年 4 月 28 日

---

搜索插件

![](https://ps.w.org/oosoft-2fa-security/assets/icon-256x256.png?rev=3518666)

# OOSOFT 2FA Security

 作者：[oosoft](https://profiles.wordpress.org/oosoft/)

[下载](https://downloads.wordpress.org/plugin/oosoft-2fa-security.zip)

 * [详情](https://cn.wordpress.org/plugins/oosoft-2fa-security/#description)
 * [评价](https://cn.wordpress.org/plugins/oosoft-2fa-security/#reviews)
 *  [安装](https://cn.wordpress.org/plugins/oosoft-2fa-security/#installation)
 * [开发进展](https://cn.wordpress.org/plugins/oosoft-2fa-security/#developers)

 [支持](https://wordpress.org/support/plugin/oosoft-2fa-security/)

## 描述

OOSOFT 2FA Security adds robust two-factor authentication to your WordPress site.
Protect every login with a second verification step using a TOTP authenticator app(
Google Authenticator, Authy, etc.) or a one-time code sent to your email address.

**Key Features:**

 * **TOTP Authenticator App** — compatible with Google Authenticator, Authy, Microsoft
   Authenticator, and any RFC 6238-compliant app.
 * **Email OTP** — sends a time-limited one-time code to the user’s registered email
   address.
 * **Backup Codes** — generate single-use recovery codes so users are never locked
   out.
 * **Role-Based Enforcement** — require 2FA for specific roles (e.g. administrators)
   while leaving it optional for others.
 * **Rate Limiting** — brute-force protection with configurable attempt limits and
   lockout periods.
 * **Security Logs** — detailed event logging with filterable admin view and automatic
   pruning.
 * **Encrypted Secret Storage** — TOTP secrets are encrypted at rest using libsodium(
   preferred) or AES-256-GCM/CBC via OpenSSL.
 * **HKDF Key Derivation** — encryption keys are derived from your WordPress secret
   keys; no raw key material is stored.

## 安装

 1. Upload the `oosoft-2fa-security` folder to the `/wp-content/plugins/` directory.
 2. Activate the plugin through the **Plugins** menu in WordPress.
 3. Go to **Settings > 2FA Security** to configure enforcement rules and options.
 4. Users can set up their preferred 2FA method from their **Profile** page.

## 常见问题

### Which authenticator apps are supported?

Any app that supports the TOTP standard (RFC 6238), including Google Authenticator,
Authy, Microsoft Authenticator, and 1Password.

### What happens if a user loses their authenticator app?

Users can log in with one of their backup codes. Administrators can also disable
2FA for a user from the Users list.

### Is TOTP secret storage secure?

Yes. Secrets are encrypted with AES-256 (libsodium secretbox preferred, OpenSSL 
AES-256-GCM/CBC as fallback) before being stored in the database. Encryption keys
are derived from your site’s unique WordPress secret keys via HKDF-SHA256.

### Does this plugin work with WooCommerce or custom login forms?

The plugin intercepts WordPress’s core authentication pipeline, so it works with
any theme or plugin that uses `wp_signon()` or the standard login form.

## 评价

此插件暂无评价。

## 贡献者及开发者

「OOSOFT 2FA Security」是开源软件。 以下人员对此插件做出了贡献。

贡献者

 *   [ oosoft ](https://profiles.wordpress.org/oosoft/)
 *   [ OOSOFT ](https://profiles.wordpress.org/mudivillanv/)

[帮助将「OOSOFT 2FA Security」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/oosoft-2fa-security)

### 对开发感兴趣吗?

您可以[浏览代码](https://plugins.trac.wordpress.org/browser/oosoft-2fa-security/)，
查看[SVN仓库](https://plugins.svn.wordpress.org/oosoft-2fa-security/)，或通过[RSS](https://plugins.trac.wordpress.org/log/oosoft-2fa-security/?limit=100&mode=stop_on_copy&format=rss)
订阅[开发日志](https://plugins.trac.wordpress.org/log/oosoft-2fa-security/)。

## 更新日志

#### 1.0.2

 * Improved escaping and security hardening throughout.
 * Removed deprecated load_plugin_textdomain() call (WordPress 4.6+ auto-loads translations).
 * Added HKDF key derivation fallback warning when WordPress secret keys are not
   configured.

#### 1.0.1

 * Fixed QR code scanning compatibility with major authenticator apps.
 * Switched to proven qrcodejs library for QR generation.

#### 1.0.0

 * Initial release.

## 额外信息

 *  版本 **1.0.2**
 *  最后更新：**2 周前**
 *  活跃安装数量 **不到10**
 *  WordPress 版本 ** 6.0 或更高版本 **
 *  已测试的最高版本为 **6.9.4**
 *  PHP 版本 ** 8.0 或更高版本 **
 *  语言
 * [English (US)](https://wordpress.org/plugins/oosoft-2fa-security/)
 * 标签
 * [2FA](https://cn.wordpress.org/plugins/tags/2fa/)[otp](https://cn.wordpress.org/plugins/tags/otp/)
   [security](https://cn.wordpress.org/plugins/tags/security/)[totp](https://cn.wordpress.org/plugins/tags/totp/)
   [two factor authentication](https://cn.wordpress.org/plugins/tags/two-factor-authentication/)
 *  [高级视图](https://cn.wordpress.org/plugins/oosoft-2fa-security/advanced/)

## 评级

尚未提交反馈。

[Your review](https://wordpress.org/support/plugin/oosoft-2fa-security/reviews/#new-post)

[查看全部评论](https://wordpress.org/support/plugin/oosoft-2fa-security/reviews/)

## 贡献者

 *   [ oosoft ](https://profiles.wordpress.org/oosoft/)
 *   [ OOSOFT ](https://profiles.wordpress.org/mudivillanv/)

## 支持

有话要说吗？是否需要帮助？

 [查看支持论坛](https://wordpress.org/support/plugin/oosoft-2fa-security/)